SAFE KNOWLEDGE (www.zondex.com): INFORMATION MANAGEMENT. Chris Joscelyne, AUSTRALIAN PROJECTS PTY LIMITED. IT Security and Data Protection.

Presentation transcript:


Information Management: THE FUTURE LANDSCAPE
“The business environment of the future is likely to be very different from today’s, where boundaries between personal and business computing will blur and everyone and everything will be linked. In order to survive, firms must manage the new risks this environment creates”
David Lacey, Risk Management Bulletin

Information Management: THE ENTERPRISE GOAL
The ultimate integration of policies, people, process and technology that will allow us to deliver the right information to the right people at the right time in the right context.

Information Management: THE ENTERPRISE TODAY
“I’m flat out working on my technical responsibilities and I really don’t have the time or resources to get involved with IT security. As long as the network functions smoothly, I’m happy.”
Comment from an enterprise IT manager

Information Management: THE ENTERPRISE TODAY
“I have delegated responsibility for all IT security policy to the people in our IT department. They are the IT technical specialists, so this is their logical role.”
Comment from an enterprise CEO

Information wars
“The 21st Century will be dominated by information wars.”
Alvin Toffler, Futurist

Information security
“Organisations must take reasonable steps to keep information secure. Encryption of data is a basic expectation.”
Australian Federal Privacy Commissioner

Privacy protection
“Our survey indicated that while 67% of companies were addressing the requirements outlined in the Privacy Amendment (Private Sector) Act 2000, 55% did not currently encrypt sensitive personal information.”
Deloitte Touche Tohmatsu

Security problems
- Lack of access control

Unauthorised access
- 70% - internal
  - Inadvertent access
  - Office “sticky beaks”
  - Employees wishing to steal information or damage the employer’s reputation
- 30% - external
  - Recreational hacker groups
  - Protest groups
  - Criminals
Source: Market research – Australian Projects 2003

An unfortunate coincidence
- Many organisations require passwords with a minimum of 8 characters
- The word “password” has 8 characters
- In an organisation in Sydney, the password for over 70% of employees was “password”
- A medical centre in Melbourne required passwords with a minimum of 6 characters.
- 100% of doctors had the same password, “doctor”.
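
The gap described on this slide, as an added example that is not part of the original presentation: a minimum-length rule alone accepts “password” and “doctor”, while a check against common and context-specific words rejects them, including simple variants. The denylist, the function names and the sample inputs are constructed for illustration.

```python
import re

# Constructed denylist for illustration; a real deployment would load a much
# larger list of common and previously breached passwords.
COMMON_WORDS = {"password", "letmein", "welcome", "qwerty", "123456"}

# Undo common character substitutions before comparing with the denylist.
SUBSTITUTIONS = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                               "5": "s", "7": "t", "@": "a", "$": "s"})


def length_only_ok(candidate, min_length):
    """The policy from the slide: minimum length and nothing else."""
    return len(candidate) >= min_length


def normalise(candidate):
    """Lower-case, drop trailing digits/punctuation, undo substitutions."""
    core = re.sub(r"[\d\W_]+$", "", candidate.lower())
    return core.translate(SUBSTITUTIONS)


def check_password(candidate, min_length, context_words=()):
    """Return a list of policy violations; an empty list means accepted.

    context_words are words tied to the organisation or the user's role
    (job titles, company name, user name), supplied by the caller.
    """
    problems = []
    if len(candidate) < min_length:
        problems.append("shorter than %d characters" % min_length)
    denied = COMMON_WORDS | {w.lower() for w in context_words}
    # Compare both the literal value and its normalised form.
    forms = {candidate.lower(), normalise(candidate)}
    hits = sorted(forms & denied)
    if hits:
        problems.append("based on a guessable word: " + hits[0])
    return problems


if __name__ == "__main__":
    # Constructed inputs mirroring the two cases on the slide.
    for pw, minimum, context in [("password", 8, ()),
                                 ("doctor", 6, ()),
                                 ("doctor", 6, ("doctor", "clinic")),
                                 ("Doctor2004", 6, ("doctor", "clinic"))]:
        print(pw, length_only_ok(pw, minimum), check_password(pw, minimum, context))
```

Without role-specific context words, “doctor” still passes the check, which is why the denylist has to include terms tied to the organisation and its job titles.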

Security problems
- Lack of access control
- Unprotected data distribution

Unprotected data distribution
- Unencrypted messages and attachments inadvertently sent to unauthorised recipients inside or outside the enterprise
- CD-ROMs containing unencrypted confidential data, distributed in unsealed inter-office envelopes or in general mail deliveries

Security problems
- Lack of access control
- Unprotected data distribution
- Unsafe storage of data

Unsafe data storage practices
- Removable media accessible to all employees
- Removable media data content unencrypted
- Critical data stored on premises with no safety copies stored securely elsewhere
- Backup media removed to an unsafe location after hours

Security problems
- Lack of access control
- Unprotected data distribution
- Unsafe data storage practices
- Unsatisfactory perimeter defence

Perimeter defence problems
- Lack of understanding of where enterprise perimeters are located
- Poor or non-existent security policies relating to laptop PCs, PDAs and other memory devices
- No means to prescribe and enforce policies
- Inability to detect any difference between normal and abnormal activity as devices connect
- No response plan should an incident be detected

Security problems
- Lack of access control
- Unprotected data distribution
- Unsafe data storage practices
- Unsatisfactory perimeter defence
- Lost and stolen equipment

Laptops and PDAs are vulnerable to theft
Laptop PC and PDA thefts in New South Wales in 2004:
- Over 15,000 devices reported stolen
- Most had no data protection installed
Source: NSW Bureau of Crime statistics

Global trend in laptop computer thefts
- 80% “amateur” opportunistic thefts
  - Of these, 80% resold or given to friends
  - 20% kept for personal use
- 20% “professional” thefts
  - Of these, 50% stripped for spare parts or rebirthing
  - 50% sold intact
Source: Oxygen / STOP

Stolen laptops - cost
- Equipment replacement cost
- Lost software
- Lost information
- Time to reinstall software and set up
- Time to re-enter data
- Work interruption
Total cost of replacement of hardware, software and data is generally 3 to 5 times the replacement value of the hardware alone.
Source: Gartner Group “Total cost of stolen laptops”

Laptop & PDA security
Security can be divided into two elements:
- Physical security
- User access control and data encryption
The top priorities are:
- Changing users' attitudes and habits
- Protecting data with encryption
Private ownership of PDAs by employees can pose a highly sensitive challenge for the manager who must enforce security policies in relation to these devices.

IT Security Check List
- Who is responsible for developing and managing IT security policy in your enterprise?
- Does your enterprise perceive it as a “technical” issue or a top-down management responsibility?
- Is IT security policy in clear non-technical language, and is it communicated effectively to staff?
- Do staff adhere to security policies and directives?
- Have you implemented a robust access control infrastructure with appropriate user permissions?
- How safe is stored data and data in transit, including s and removable media?
- Are your laptop computers & PDA devices encrypted and controlled at enterprise level?

Information Management: The solution?
- Develop policies
- Adopt technical solutions to implement and enforce policies
- Educate employees in language they can understand

Chris Joscelyne
Tel: Fax:
Reflex – PC Guardian – SecuriKey – Trust Digital – Zondex